From 1720b64f735ff2798ab50ea9e2a40ab42af6cc6e Mon Sep 17 00:00:00 2001
From: Andrew Burgess
Date: Tue, 18 Jul 2023 13:52:20 +0100
Subject: [PATCH] gdb: fix possible nullptr dereference in a remote_debug_printf call

While working on another patch I triggered a segfault from within the function remote_target::discard_pending_stop_replies. Turns out this was caused by a cut&paste error introduced in this commit: commit df5ad102009c41ab4dfadbb8cfb8c8b2a02a4f78 Date: Wed Dec 1 09:40:03 2021 -0500 gdb, gdbserver: detach fork child when detaching from fork parent This commit adds a remote_debug_printf call that was copied from earlier in the function, however, the new call wasn't updated to use the appropriate local variable. The local variable that it is using might be nullptr, in which case we trigger undefined behaviour, and could crash, which is what I was seeing. Fixed by updating to use the correct local variable.
---
 gdb/remote.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gdb/remote.c b/gdb/remote.c
index 7e3d6adfe4f..ff3d7e5cd32 100644
--- a/gdb/remote.c
+++ b/gdb/remote.c
@@ -7564,8 +7564,8 @@ remote_target::discard_pending_stop_replies (struct inferior *inf)
 for (auto it = iter; it != rs->stop_reply_queue.end (); ++it)
 remote_debug_printf ("discarding queued stop reply: ptid: %s, ws: %s\n",
- reply->ptid.to_string().c_str(),
- reply->ws.to_string ().c_str ());
+ (*it)->ptid.to_string().c_str(),
+ (*it)->ws.to_string ().c_str ());
 rs->stop_reply_queue.erase (iter, rs->stop_reply_queue.end ());
 }
-- 
2.30.2
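Review bot: The two added lines spell the same call two ways — `(*it)->ptid.to_string().c_str()` has no space before the parentheses while `(*it)->ws.to_string ().c_str ()` follows gdb's GNU-style spacing; the first line should read `(*it)->ptid.to_string ().c_str (),` so the pair is consistent. The removed lines carried the same mismatch, so the fix only preserved it. Since the root cause was a stale `reply` still being in scope inside this loop, a one-line comment on the loop such as `/* Log each reply being dropped, from ITER to the end of the queue.  */` would make it clear that the loop variable, not REPLY, is the subject of the log call. The enclosing function discard_pending_stop_replies starts and ends outside the hunk, so whether `reply` can be narrowed to a smaller scope cannot be judged from here.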